

UPDATE user SET plugin='caching_sha2_password' WHERE User='fleet'

CREATE USER IDENTIFIED BY 'F5KDS4wbjU61'

I also had to do this-

UPDATE user SET plugin='mysql_native_password' WHERE User='fleet'

GRANT ALL PRIVILEGES ON *.* TO user SET plugin='auth_socket' WHERE User='fleet'

Log into MySQL with

sudo mysql -u root

CREATE USER IDENTIFIED BY 'F5KDS4wbjU61'

Had to create a new MySQL user according to this
Osquery agent fleet manager password
MySQL: when asked for username and password add- root. Here we need to cope with a changed auth type in MySQL.
Osquery agent fleet manager install
This is where the instructions diverged quite dramatically from the install instructions on the Fleet website- part of this is because they are directing you to a non-production setup, part of it is because the instructions need updating.

Make group called ‘certs’

sudo addgroup certs

(all passwords have been changed to new random ones, don’t bother trying them against our infra unless you are incredibly bored and enjoy failure)

Now we don’t want our services running as root, let’s create a new user for fleet, and new groups for certificate access

sudo adduser username fleet mdkFv6Pkl0Cr

Move the binary to /usr/bin

sudo mv fleet /usr/bin/

Once your host is running, download, unzip and relocate the fleet binary-

wget

The FleetDM instructions however refer to Ubuntu 16.04 and we are living in a brand new century which includes Ubuntu 20.04 so let’s use that…

Install FleetDM

But this is fine because on most cloud providers this is as difficult as opening the control panel and clicking a button. We use Ubuntu a fair bit as the basis for cloud or customer facing services, and the instructions for FleetDM on Ubuntu say ‘Acquiring an Ubuntu host to use for this guide is largely an exercise for the reader’.

I think it’s a great project otherwise I wouldn’t have invested so much time, but now I need to go and write some queries to figure out when I can stop for lunch before someone installs another malware ‘sample’ on their computer…

Some of these things are fairly trivial, but many are not. But before you do, have a look at the task list. STOP! This took a lot longer than I had budgeted for, but most issues were simply because the docs need updating- you may be able to leverage these instructions and get going faster, marry a supermodel etc.
This article makes a lot of assumptions, so maybe read it through before you commit- I wanted to set up a server suitable for production, that can handle ~500 clients, have the web server on port 80/443 using SSL, have the clients also use well-known ports so it can work in corporate environments where we don’t control the firewall, etc.

I’ve tried to make the examples explicit- if you need to compare with original source, the links are provided. Unsurprisingly for someone who *doesn’t* currently manage computers at this scale, I had some issues getting it running, so here are some tips that might help you. I did get to export data using Zoho’s Java connector for Zoho Analytics, but it was sooo ugly. FleetDM is a serious, enterprise type app- they claim to have had instances with up to 150,000 live agents, but I figure I’ll need to retire at around 149,000. *Munkireport uses MySQL too, but even when I had a working instance I couldn’t slurp data out of it- there’s an API and even a Postman collection, but it just *wouldn’t*. Originally developed at Facebook, it also has some other cool features- like being able to load and search for known vulns etc. But my analytics engine uses SQL queries, and so does FleetDM, as it adds a GUI to OSQuery under the hood. I still love Munkireport and its beautiful graphing and helpful community. We’ve had some major issues running Munkireport recently, and while switching platforms mid ride is generally a really bad idea, I just wanted *something* to work and I had always wanted to try FleetDM, so…
